Filtered by vendor Ffmpeg
Subscriptions
Total
478 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3109 | 3 Debian, Fedoraproject, Ffmpeg | 3 Debian Linux, Fedora, Ffmpeg | 2025-08-07 | 7.5 High |
| An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | ||||
| CVE-2022-3341 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-08-07 | 5.3 Medium |
| A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | ||||
| CVE-2025-0518 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-05 | 5.3 Medium |
| Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | ||||
| CVE-2023-6604 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-05 | 5.3 Medium |
| A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | ||||
| CVE-2023-6601 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-05 | 4.7 Medium |
| A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | ||||
| CVE-2023-6605 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-05 | 7.2 High |
| A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | ||||
| CVE-2025-25469 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-21 | 6.5 Medium |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | ||||
| CVE-2025-25471 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-21 | 4.3 Medium |
| FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. | ||||
| CVE-2025-22920 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-13 | 5.3 Medium |
| A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | ||||
| CVE-2025-1816 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-12 | 4.3 Medium |
| A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-22919 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-12 | 6.5 Medium |
| A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. | ||||
| CVE-2025-22921 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-12 | 6.5 Medium |
| FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | ||||
| CVE-2025-25473 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-12 | 5.3 Medium |
| FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. | ||||
| CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-20 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | ||||
| CVE-2023-6602 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-20 | 5.3 Medium |
| A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | ||||
| CVE-2023-6603 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-20 | 7.5 High |
| A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | ||||
| CVE-2023-50008 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-10 | 7.8 High |
| FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. | ||||
| CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-09 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | ||||
| CVE-2024-31585 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | 5.3 Medium |
| FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2023-50010 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-09 | 7.8 High |
| FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. | ||||